lyrathorpe/user.nix reads features.swayDesktop.enable on every host, but the
option was declared inside lyrathorpe/swaywm.nix -- so a host that does not
import swaywm.nix (a headless server) would fail evaluation. Move the option
declaration to a new always-imported system/modules/features.nix and wire it
into baseModules; swaywm.nix keeps only its implementation (config) block.
Headless hosts can now omit swaywm.nix and the flag defaults to false.
New system/modules/ssh.nix disables password and keyboard-interactive
auth and root login, and installs the authorized key for the primary
user. Imported by the two hosts that run sshd; each still enables the
service and opens port 22 in its own config.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
T400 gets the generic lenovo-thinkpad + common-pc-laptop(-ssd) +
common-cpu-intel blocks (no t400-specific profile exists); this also
enables tlp and the tp_smapi/acpi_call battery tooling. Mac Pro 3,1 gets
common-pc-ssd + common-cpu-intel. nixos-hardware follows our nixpkgs to
keep a single nixpkgs in the closure.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Declarative Neovim, on the nixos-26.05 release branch and following our
nixpkgs to keep a single nixpkgs in the closure. Consumed by
lyrathorpe/home/editor.nix.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- treefmt-nix drives `nix fmt` and the formatting check (nixfmt/shfmt/
prettier; generated files and flake.lock excluded). Replaces the
bespoke find-based check.
- deadnix and statix as flake checks and pre-commit hooks; deadnix
ignores module-arg patterns, statix.toml disables the two house-style
lints (repeated_keys, empty_pattern). Fixed the one real deadnix hit
(unused overlay arg) and statix hit (use inherit for claude-code).
- git-hooks.nix installs the pre-commit gate via the devShell.
- .editorconfig for the base style.
- Move system/modules/work/default.nix -> lyrathorpe/home/work.nix (it is
a home-manager module). README gains a Development section; docs
reformatted by the new formatter.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Prebuilt nix-index database (follows nixpkgs) so command-not-found works
immediately without a manual `nix-index` run. Consumed in shell.nix.
Lock change is purely additive; existing pins are unchanged.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Firefox draws its own chrome and ignores the GTK theme, so theme it at the
browser level. Add the rycee firefox-addons flake input and, in the
home-manager desktop layer, manage the Firefox profile (package = null --
the system programs.firefox in user.nix still provides the binary):
- install the Catppuccin Mocha theme add-on (catppuccin-mocha-mauve; only
the mauve accent is packaged upstream, so it differs slightly from the
blue accent used elsewhere),
- autoDisableScopes = 0 so it applies on first launch,
- ui.systemUsesDarkTheme + prefers-color-scheme override for dark chrome
and page content.
Verified the XPI fetches, user.js renders the prefs, finalPackage is null
(no duplicate Firefox), all Sway hosts eval, and EDaaS is unaffected.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- lyrathorpe-t400 replaces lyrathorpe-x1c: ThinkPad T400 (legacy BIOS -> GRUB,
Intel microcode + redistributable firmware for iwlwifi, pipewire, sshd).
- lyrathorpe-macpro31: new desktop host (portable = false) importing
desktop.nix. Mac Pro 3,1 has 64-bit EFI -> systemd-boot; wired NetworkManager
via desktop.nix; desktop status bar (temperature + net, no battery).
Both ship hand-written placeholder hardware-configuration.nix (root/swap/ESP by
label, GRUB device /dev/sda) to be regenerated with nixos-generate-config and
committed at install time. All five host configs evaluate; nixfmt clean.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add system/modules/desktop.nix (counterpart to laptop.nix): imports the
workstation base and uses wired NetworkManager instead of iwd.
Thread a `portable` flag (default true) through mkHost into specialArgs and
home-manager.extraSpecialArgs, mirroring username/fullName. lyrathorpe/home/
sway.nix consumes it to drop mobile components on desktop hosts:
- status bar swaps the battery block for CPU temperature + network throughput
- screen-brightness keybindings are omitted (no internal backlight)
No host uses desktop.nix yet; a future desktop host imports it and sets
`portable = false`. Verified by evaluating sway.nix both ways:
laptop -> [.. sound battery time] + brightness keys;
desktop -> [.. temperature net sound time], no brightness keys.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Add common-nixos.nix (timezone, locale, git/fastfetch) imported by every
NixOS host, and laptop.nix (systemd-boot, sway, dvorak, iwd, firewall)
imported by X1 and MBP. Strip the nixos-generate-config boilerplate from
both machine configs and reduce them to host-specific settings.
- Enable the firewall on the laptops (was disabled); X1 opens 22 next to
its sshd.
- Pin nixpkgs input to github:nixos/nixpkgs/nixos-26.05 for consistency;
lock rev unchanged (still b51242d).
- Drop unused module arguments.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Set home-manager.backupFileExtension = "backup" on the NixOS and Darwin base modules. Existing machines carry hand-written ~/.zshrc and ~/.zshenv that home-manager would refuse to overwrite, aborting activation. With a backup extension, the originals are saved as .backup and activation proceeds. The oh-my-zsh setup is already declared in lyrathorpe/home/shell.nix, so the generated files supersede the old ones.
Add the nix-homebrew input and darwin module so the Homebrew prefix is installed and owned declaratively (no manual bootstrap), with enableRosetta for x86_64 formulae on Apple Silicon and user = host username.
Set homebrew.onActivation.cleanup = zap so the taps/brews/casks/masApps lists are authoritative: anything not declared is removed on activation.
Add the nix-darwin input (nix-darwin-26.05, follows nixpkgs) and a mkDarwinHost mirroring mkHost: shared commonModule (nixpkgs/nix settings) is factored out and reused, home-manager is wired via darwinModules, and identity is threaded through specialArgs.
New darwinConfigurations.lyrathorpe-mac (aarch64-darwin) reuses the cross-platform ./lyrathorpe/home modules (shell, git, editor); Linux-only sway/desktop modules are excluded. Build with: darwin-rebuild switch --flake .#lyrathorpe-mac.
Move ./emmathorpe -> ./lyrathorpe (git mv preserves history) and rename the MBP/X1 nixosConfiguration names to lyrathorpe-mbp / lyrathorpe-x1c. The EDaaS host keeps its emmathorpe-edaas name and Emma Thorpe identity; it still imports the shared (renamed) config dir.
Derivation outputs are byte-identical to before; pure relabel.
Thread username and fullName per host through the flake host table and specialArgs / home-manager.extraSpecialArgs, so user.nix and git.nix derive identity instead of hardcoding it.
MBP and X1 now provision user lyrathorpe (Lyra Thorpe). EDaaS retains emmathorpe (Emma Thorpe) and its wsl.defaultUser; work commit email is unchanged.
* fix: configure docker for EDaaS WSL VDI
Enable rootful docker with the Docker Desktop proxy patch, add emmathorpe to the docker group, disable resolvconf and enable nix-ld.
* feat: flesh out work module and pin claude-code to nixpkgs unstable
Migrate git config to the settings option, fix the signing key path and email, add argo-rollouts/google-cloud-sdk and other tooling, and enable go. claude-code is sourced from the nixpkgs-unstable overlay.
* chore: update personal git, delta and editor config
Move git config to the settings option, switch to the standalone programs.delta module with git integration, add commitizen, and treat Jenkinsfiles as groovy.
* refactor: dedupe flake with mkHost and add nixos-wsl flake input
Extract a shared mkHost helper to remove duplicated home-manager scaffolding, add nixos-wsl as a flake input so the EDaaS host builds without --impure, source claude-code via a nixpkgs-unstable overlay, and expose a nixfmt formatter output.
* style: format nix files with nixfmt
* refactor: migrate to stable nixpkgs 26.05 and track upstream asahi flake
Pin nixpkgs to nixos-26.05 and home-manager to release-26.05; claude-code stays bleeding-edge via the nixpkgs-unstable overlay.
Centralize allowUnfree and experimental-features in mkHost and pin nix.registry/nixPath to the flake nixpkgs.
Replace the vendored apple-silicon-support module with the nixos-apple-silicon flake input, dropping ~8.8k lines of vendored code.
Fix stable-induced package renames: neofetch -> fastfetch, noto-fonts-emoji -> noto-fonts-color-emoji.
* refactor: adopt flake-parts with host table and scoped unfree
Wrap outputs in flake-parts.lib.mkFlake, replacing forAllSystems boilerplate with systems + perSystem. Drop the unused self argument.
Collapse the three mkHost calls into a hosts attrset mapped with lib.mapAttrs; adding a machine is now a single table entry.
Replace blanket allowUnfree with an allowUnfreePredicate allowlist (claude-code, lens). Add devShells.default (nixfmt, nil, git) and a checks.formatting nixfmt --check gate.
* docs(flake): annotate inputs, mkHost, host table and perSystem
Explanatory comments only; no eval change (drvPath identical).
* refactor(home): split home-manager into focused modules; clarify desktop scope
Break the home.nix monolith into emmathorpe/home/{default,shell,git,editor,desktop}.nix. The host table now composes desktop.nix onto graphical hosts only, so element-desktop, the Sway session vars and cursor theme are no longer installed on the headless WSL host.
Consolidate chat apps: legcord moves from user.nix (system) into the home desktop module alongside element-desktop. The tty1 'exec sway' autostart moves into desktop.nix so it never runs on headless hosts.
Desktop functionality: add xdg.portal (wlr + gtk) in swaywm.nix to enable screen sharing and native file pickers for Element and Firefox under wlroots.
* feat(desktop): declarative Sway config with idle-lock, notifications and bar
Add emmathorpe/home/sway.nix managing wayland.windowManager.sway (package = null, reusing the system Sway wrapper) plus swaylock, swayidle, dunst and an i3status-rust bar. home-manager's systemd integration wires sway-session.target so the swayidle/dunst user services start with the session.
swayidle locks after 5 min, powers outputs off after 10, and locks before sleep. Media/brightness keys use wpctl (pipewire) and brightnessctl; the launcher is sway-launcher-desktop in a floating foot window; keyboard is set to dvorak to match the console.
Move swaylock/swayidle/dunst/i3status-rust out of the system programs.sway extraPackages (now home-managed). Add security.pam.services.swaylock on the MBP host so the lock screen can authenticate (X1 already had it with fingerprint auth).
---------
Co-authored-by: Emma Thorpe <emma.thorpe@citrix.com>
Migrate git config to the settings option, fix the signing key path and email, add argo-rollouts/google-cloud-sdk and other tooling, enable go, and wire a dedicated nixpkgs-unstable input so claude-code tracks unstable independently of the pinned nixpkgs.
Emma Thorpe
lyrathorpe